post written by: Marc Chernoff

6 Digitally Traceable Tracks We Unconsciously Leave Behind


Digital TracksWe live in a world of constant connection where the products of our existence interrelate in such a way that we rarely leave a clean slate behind us.  Many people fail to see the correlation between technological convenience and disruption of privacy.  Even when nobody is watching, it is quite plausible that a computer somewhere is.  The data tracks we leave behind are traceable, and when the dots are connected, the trail leads right back to us.

I have compiled a list of 6 digitally traceable tracks we unconsciously leave behind as we trek through our daily routines.  I have also included a hypothetical example of how easy it can be to track someone down online by tracing their online affiliations and dabbling with the information that is found.

1.  Username or Alias – While passwords are always private, usernames are generally available to the public.  Many people use the same username on every single digital account they access.  Likewise, many usernames also double as online aliases used for identity on various searchable social media sites, discussion forums, etc.  This means that you can Google someone’s username, discover other websites where they’ve used it, and see if any of these other sites publicly associate an email address with the username.  The email address can then be Google’d in an effort to uncover the real name of the individual who owns it.  Another option would be to send the person a well crafted email in hopes that that they will reply from an email client that includes their real name in the headers.

2.  IP Address - When you connect to the Internet you are assigned a unique Internet Protocol (IP) address that allows your computer to communicate with others.  Unless you use an anonymizing service such as Tor, or a free anonymous web proxy, your IP address is fairly easy to trace.  Your IP address is logged by every web server you visit and associated with every email you send.  There are numerous websites that offer free IP lookup services capable of telling someone the city, state and Internet service provider for any given IP address.  How do you think the RIAA tracks down all those vicious (just kidding) 14 year old peer to peer music pirates?

3.  Mobile Phone Transmission - As you drive around town chatting on your mobile phone your signal is being handed off from one mobile phone tower to the next. Most urban areas have several towers serving the vicinity.  If you are near at least three towers your exact whereabouts can be pinpointed to within a few hundred feet via a measurement process called triangulation.  Your location can usually be measured within a mile or so even in rural areas lacking three available towers.  Many large service providers make these capabilities widely known.  Sprint/Nextel calls it “Mobile Locator“.  Newer phones that include GPS capabilities can make the tracking process even easier.

4.  Vehicle Telematics and GPS Monitoring – These systems are used for a variety of purposes including, but not limited to, stolen vehicle tracking, emergency collision notification, mechanical diagnostics reporting, and driver navigation assistance.  General Motors’ OnStar service is one of the more mainstream examples of a vehicle telematics system.  OnStar can instantly transmit detailed vehicle data back to their support center, including information about the mechanical condition and exact location of the vehicle.  Advocates say vehicle telematics systems provide an essential driver security service.  Critics say it’s a major privacy concern, comparing it to that of “Big Brother” tracking your every move.  One thing is for sure, with vehicle telematics you’re leaving digital tracks everywhere you go.

5.  Public Transit Cards - Most urban areas with public transit systems now rely on some form of passenger payment card to keep track of passenger fares. Each card is equipped with a data strip and serial number unique to that specific card.  The transit computer systems use the serial number and data strip to keep track of the prepaid fare balance on each card.  Frequent passengers typically recharge the dollar balance on their transit cards automatically via a credit card, thus tying the passenger’s full name and credit info to the unique serial number on their card.  When a passenger swipes their transit card to board a public transportation vehicle the location and timestamp are recorded in the transit system’s computer database.  Although access to these records is restricted, police often use them to tie criminals to the time and place of a crime.

6.  Malware - Malware (also called spyware or adware) is a generalized term describing computer software programs that automatically download and install themselves onto your computer without your permission or knowledge.  Much like a Trojan horse, malware can be hidden on malicious web pages or within other computer programs.  A user is infected when they use the web page or infected application.  The most common kind of malware will keep track of the websites you visit in order to target relevant pop-up ads to display on your computer as you browse the web.  Many of these same malware applications will also send your web browsing habits back to the creators for statistical evaluation purposes.  There are also more ruthless malware Trojans that record your keystrokes, steal your passwords, and even allow your computer to be remotely controlled by a computer cracker’s botnet.  If you’re not using a decent anti-malware suite your computer could be silently spilling your every move to the bad guys.

BONUS: Tracking Someone Down Online – I thought it would be fun to give a brief example of how a complete stranger could track someone down using the seemingly innocuous data we all regularly leave behind online.  I’m not suggesting that anyone should actually do this; it would be pretty darn creepy and stalker-like.  The point here is not to create paranoia, but to instead spread awareness.  Most people don’t realize how easy it is phish out pieces of information online and connect the dots.  Consider the following hypothetical scenario:

You’ve been chatting online with someone via MySpace for a couple of weeks now.  You decide you want to find out more about them.  Without asking them any personal questions, you take the following steps:

  1. You type their exact MySpace username/alias into Google.  Google returns a variety of results including a series of posts on a discussion board forum.  The discussion board has a user profile page that displays basic information on the user including the user’s email address.
  2. You could now Google the email address, but instead you decide to run it though the Flickr Friends search tool.  This tool will tell you if a Flickr account has been opened using a specific email address.  Flickr is a popular photo sharing site.  Lo and behold, an account exists that matches the email address.
  3. You visit the user’s Flickr page which has various photo galleries of people at social gatherings.  After awhile you find a photo tagged with captions from a first-person perspective.  The caption clearly indicates which person in the photo owns the gallery, whom also happens to be the target you’re tracking down.  Now you know what they look like.  Hmmmm…. interesting.
  4. You create a free Gmail account with a username similar to one of the aliases found on either your target’s MySpace friends list or their Flickr contacts list.  You craft a well written email to the target claiming to be the person whose alias you stole.  The goal is to get the target to reply to your email.  This email also contains an HTML embedded photo that you placed in a very obscure place on your public web server.  You placed it in an obscure place so that no body else would accidentally find it.
  5. Your target checks the email and believes that you probably are who you claim to be, so they happily reply.  The email they send back to you has a “From:” header that includes their full name.  In the process of checking the email they also opened/accessed the random embedded photo housed on your web server.  You check your web server logs to see what IP address accessed the photo. (Note: You may also be able to get their IP address from the full headers in the reply email.)
  6. You take their IP address and plug it into the WhatIsMyIP IP Lookup tool which returns the geographic location and city where their IP address originates.

So let’s recap… You started off knowing only a person’s online alias, but now you know their full name, city and location, email address, and you have their photo.  Finding their physical street address at this point is a cakewalk.  One could make the argument that not everyone is quite this easy to track down online.  But you do have to wonder, how people actually are?  I bet there are thousands of them… and I’m also pretty confident that you know a least a few of them personally.

For a great read on computer privacy, also check out:

Download the ebook If you enjoyed this article, check out our new best-selling book.
Marc and Angel Subscription via Email And get inspiring life tips and quotes in your inbox (it's free)...

Enter your email address to get new articles delivered for free:



15 Comments

  • Interesting article though I’m a bit reluctant to comment and leave yet another trace of my presence behind ;)

    I’m glad you briefly mentioned TOR, many people haven’t heard of it much less used it.

    Don’t forget you can always change your MAC address, surf the net from public locations, pay with cash, use a service like 10minutemail, and search via Googlonymous, block third party cookies, use a good Hosts file, etc.

    Of course, this is all for the really paranoid conspiracy theorist. Its much easier to just live a normal life and not worry about this stuff. I mean why would someone unless they’re doing illegal stuff or just really interested in security.

  • @Matt:

    Thanks for the insightful comment. I completely agree with your points. Being overly paranoid in life will only hinder your overall productivity and general happiness. I don’t think people need to alter their habits such that they completely prevent the act of leaving a digital trail behind, but I do think people need to be aware that this digital track record exists. Awareness is important, and so many people are clueless.

  • Another track is having your network card’s MAC address logged by the free wireless access point at the local internet cafe :-)

    @Matt - as I understand it, your MAC address would not normally be available anywhere beyond the first router. It does not go over the internet, like the IP address does. So the only scenario where you’d care about it, is when you were using a free wireless access point to obtaina temporary IP address which could not be traced to you.

  • @Marc: I agree with you that awareness is important. I’m glad you’re writing posts like these to help spread the message.

    @TC: You are correct, your MAC address is only used on a LAN. IP addresses work across a WAN/Internet.

    My point about changing you’re MAC address not only comes into play at free wireless access points as you mentioned but also if you’re remoting in to another LAN via a VPN or similar connection in order to conduct some work.

  • […] and Angel presents 6 Digitally Traceable Tracks We Unconsciously Leave Behind | Marc and Angel posted at Marc and Angel, saying, “I have compiled a list of 6 digitally traceable tracks we […]

  • Hi!

    Information Security Carnival is up here and your submission was selected.

    By the way, great article!

  • I agree with Marcs reply to Matt. The most important part is knowing that potentially every action you do online is traceable.

  • Nice blog! This is a very informative post.

  • The point about changing you’re MAC address not only comes into play at free wireless access points as you mentioned but also if you’re remoting in to another LAN via a VPN or similar connection in order to conduct some work.

  • i will add this site to my favorite list because of it’s great articles.
    can you publish or refer about this in french language?

  • Dude, you are working too hard. LOL Just go input their email into Spokeo.com and it will search a wide variety of social networking sites and give you the goods on your bud. (Also try using the uid at different email services, in case, like me, they have a dozen or so. )

    Just FYI I deliberately use the same uids (gwenny and gtpooh) because I WANT to be tracked. LOL I’m working at ninja-ing the first three pages of google results for both.

  • The easy way around them finding out your name is to have 2 differnt emails that you use one for interacting with real life friends and one for online stuff

  • Interesting article. Were did you got all the information from… :)

  • really a good article …..
    describing loopholes while surfing , which most of us don’t know…

  • I’ve given up on any sense of internet privacy anymore. I refuse to use FB or any other social sites, but what does it matter at the end of the day. Google and all the other internet snoops still follow you around wherever you go. Unless you’re fully up to speed with obtaining full privacy when online - its an impossibility for almost everyone to keep ahead of the powers that want to “stalk” us.

Leave a Reply